Intent Matters When Conducting Third Party Due Diligence

by Matt Kelly on May 18th, 2018

Intent Matters When Conducting Third Party Due Diligence

The complexity of third-party relationships in modern business is only growing more intricate, and that presents companies with challenges well beyond conducting due diligence on those third parties. Now you also need to ensure that the oversight you impose trickles down to subcontractors and other fourth parties ultimately working for your business.

After all, a third-party’s relationships with sub-agents can change the due diligence assessments you originally made. If you don’t know and understand what those sub-agent relationships are, your due diligence conclusions could be wrong — but your organization won’t be able to dodge liability simply because you ignored the shell game of moving corruption from your third parties to your fourth parties.

Regulators want to see a serious, substantive commitment to anti-corruption; rather than a cute re-arrangement of corruption risk so it hovers just beyond the letter of the law. Compliance programs need to ensure that third parties don’t outsource services to other agents that have avoided assessment and who might pose high risk to your company.

The point here is that intent matters. Whether you are building your third party due diligence program — or compliance program in general — an honest and genuine quest to identify and mitigate corruption risks should underpin that work.

The Justice Department and SEC have stressed this before. In the 2012 Resource Guide to the U.S. Foreign Practices Act, they call it the “head-in-the-sand” problem (also described as “willful blindness,” “conscious disregard,” and “deliberate ignorance”). The guidance even says: “management officials [cannot] take refuge from the Act’s prohibitions by their unwarranted obliviousness to any action (or inaction), language or other ‘signalling device’ that should reasonably alert them of the ‘high probability’ of an FCPA violation.”.

In practice, that means due diligence and monitoring of your agents should fuse together into a more unitary program of contract requirements, background checks, documentation, accounting controls, and follow-up inspections. All of it has to work in concert.

The goal isn’t to perform one set of due diligence checks on a group of people and declare victory, so employees can get on with their “real” jobs. The goal is a continuous, sincere effort at keeping bad actors away from your enterprise.

Strict contract language with your third parties is one step. (Some clothing retailers, for example, forbid their suppliers from subcontracting with other manufacturers that might be sweatshops.) You also need procedures to fight that battle: providing lists of “banned” persons to your legitimate agents; or accounting controls to help you see whether any company money trickles down to improper sub-agents anyway.

And, as always, the need for strong training and ethical commitment is paramount. No tool is better at rooting out misconduct like this than an employee who says, “Whoa, that’s Phil from Corrupt Agents XYZ Corp. — I thought we fired them months ago! Now he’s with Acme Ethical Agents? I gotta mention that to the boss.”

Achieving that state of high ethical performance isn’t easy, of course. On the other hand, missing the mark by a country mile isn’t much fun either.

Building a comprehensive structure for your compliance program is essential to effectively and efficiently mitigate risk. And while risks vary from one company to another based on industry, location, and partners – thereby disqualifying any one-size-fits-all compliance program – the underlying structure of a program can, to a reasonable extent, be broken down into a set of components.